I wonder how I could set up ejabberd in a way that each virtual domain gets its own SSL cert?
doma.tld -> doma.pem
domb.tld -> domb.pem
domc.tld -> domc.pem
and so on. So far that seems not to be possible if I use the standard ports 5222 or 5223. I think something like VirtualHost from Apache is missing.
One idea is that I could set up different SRV DNS records, but I'm not sure how many Jabber clients actually query these records.
I think that it isn't
I think that it isn't possible using old SSL connections (port 5223), because the SSL handshake starts before ejabberd knows which virtual host the client is connecting to.
But it could be perfectly possible for the STARTTLS method. For now, though, support for different SSL certificates for different virtual hosts isn't implemented.
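The ordering described in this reply, as an added example that is not part of the original thread or of ejabberd's code: on a STARTTLS port the plaintext stream header names the virtual host before any TLS begins, while on the old SSL port the first bytes are already a TLS record. The certificate map reuses the file names from the question; `default.pem`, the function names and the sample bytes are constructed assumptions.

```python
import re

# Constructed vhost -> certificate map, using the file names from the question.
CERTS = {"doma.tld": "doma.pem", "domb.tld": "domb.pem", "domc.tld": "domc.pem"}
DEFAULT_CERT = "default.pem"  # hypothetical per-listener fallback certificate

# 'to' attribute of the opening <stream:stream> tag, in either quote style.
_STREAM_TO = re.compile(rb"<stream:stream\s[^>]*?\bto=(['\"])(.*?)\1")

# Constructed sample inputs: first bytes a server would read on each port.
STARTTLS_OPEN = (b"<?xml version='1.0'?><stream:stream to='domb.tld' "
                 b"xmlns='jabber:client' "
                 b"xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>")
LEGACY_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01]) + b"\x00" * 8


def classify_first_bytes(data: bytes) -> str:
    """Tell a TLS handshake record from a plaintext XMPP stream opening."""
    if data[:1] == b"\x16":          # TLS record content type 22 = handshake
        return "legacy-ssl"
    if data.lstrip().startswith(b"<"):
        return "xmpp-stream"
    return "unknown"


def vhost_from_stream_header(data: bytes):
    """Return the lower-cased 'to' host of the stream header, or None."""
    m = _STREAM_TO.search(data)
    return m.group(2).decode("ascii", "replace").lower() if m else None


def select_cert(first_bytes: bytes):
    """Return (connection kind, requested vhost, certificate file)."""
    kind = classify_first_bytes(first_bytes)
    if kind == "legacy-ssl":
        # The handshake precedes any XMPP data, so no vhost is known yet:
        # only the single certificate bound to the listener can be offered.
        return kind, None, DEFAULT_CERT
    if kind == "xmpp-stream":
        host = vhost_from_stream_header(first_bytes)
        # 'to' is unauthenticated client input: use it only as a key into
        # the fixed map, never to build a file path.
        return kind, host, CERTS.get(host, DEFAULT_CERT)
    return kind, None, None


if __name__ == "__main__":
    for sample in (STARTTLS_OPEN, LEGACY_HELLO):
        print(select_cert(sample))
```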
Can 0.9.8 handle multiple
Can 0.9.8 handle multiple different SSL certs now for different virtual hosts? I'm not sure how to configure this part but it seems possible now.
Multi-SSL
I think this is more a problem with SSL itself than ejabberd. IIRC, SSL certs are issued based on IP, not domain, so you can't have multiple SSL certs for different virtual hosts.
different ports; DNS SRV
Right now (ejabberd 0.9.8) the SSL cert is specified on the 'listen' section, so it's specified per-node. Try the web admin: the 'listened sockets' page is available only on the main server, not on the virtual hosts subparts.
You could define two ports (5222 and 5224), on each one set a different SSL cert and allow logins only to the corresponding users (using 'acl'+'access'). But this way, some of your users will have to configure their clients manually.
If I remember correctly, Exodus, Psi and Pandion do. Tkabber doesn't.
Different SSL certificates for different virtual domains
According to today's commit (432), the development version of ejabberd in Subversion supports this feature:
--
sander